rbnacl-libsodium 1.0.13 → 1.0.15
- checksums.yaml +4 -4
- data/CHANGES.md +5 -0
- data/lib/rbnacl/libsodium.rb +1 -0
- data/lib/rbnacl/libsodium/version.rb +1 -1
- data/vendor/libsodium/AUTHORS +2 -2
- data/vendor/libsodium/ChangeLog +64 -0
- data/vendor/libsodium/Makefile.am +1 -0
- data/vendor/libsodium/README.markdown +1 -3
- data/vendor/libsodium/THANKS +13 -3
- data/vendor/libsodium/builds/Makefile.am +65 -0
- data/vendor/libsodium/builds/msvc/resource.rc +2 -2
- data/vendor/libsodium/builds/msvc/version.h +3 -3
- data/vendor/libsodium/builds/msvc/vs2010/libsodium/libsodium.vcxproj +168 -173
- data/vendor/libsodium/builds/msvc/vs2010/libsodium/libsodium.vcxproj.filters +382 -394
- data/vendor/libsodium/builds/msvc/vs2012/libsodium/libsodium.vcxproj +168 -173
- data/vendor/libsodium/builds/msvc/vs2012/libsodium/libsodium.vcxproj.filters +382 -394
- data/vendor/libsodium/builds/msvc/vs2013/libsodium/libsodium.vcxproj +168 -173
- data/vendor/libsodium/builds/msvc/vs2013/libsodium/libsodium.vcxproj.filters +382 -394
- data/vendor/libsodium/builds/msvc/vs2015/libsodium/libsodium.vcxproj +168 -173
- data/vendor/libsodium/builds/msvc/vs2015/libsodium/libsodium.vcxproj.filters +382 -394
- data/vendor/libsodium/builds/msvc/vs2017/libsodium/libsodium.vcxproj +168 -173
- data/vendor/libsodium/builds/msvc/vs2017/libsodium/libsodium.vcxproj.filters +382 -394
- data/vendor/libsodium/configure.ac +59 -10
- data/vendor/libsodium/contrib/Findsodium.cmake +2 -0
- data/vendor/libsodium/dist-build/emscripten-symbols.def +72 -32
- data/vendor/libsodium/dist-build/emscripten.sh +33 -6
- data/vendor/libsodium/dist-build/generate-emscripten-symbols.sh +52 -38
- data/vendor/libsodium/dist-build/ios.sh +2 -2
- data/vendor/libsodium/libsodium.vcxproj +168 -173
- data/vendor/libsodium/libsodium.vcxproj.filters +220 -235
- data/vendor/libsodium/m4/ax_check_catchable_abrt.m4 +57 -0
- data/vendor/libsodium/m4/ax_check_gnu_make.m4 +2 -2
- data/vendor/libsodium/m4/ax_pthread.m4 +2 -2
- data/vendor/libsodium/msvc-scripts/process.bat +3 -3
- data/vendor/libsodium/packaging/dotnet-core/README.md +5 -5
- data/vendor/libsodium/packaging/dotnet-core/libsodium.props +5 -2
- data/vendor/libsodium/packaging/dotnet-core/prepare.py +13 -31
- data/vendor/libsodium/packaging/dotnet-core/recipes/linux-x64 +4 -0
- data/vendor/libsodium/packaging/nuget/package.config +1 -1
- data/vendor/libsodium/src/libsodium/Makefile.am +11 -12
- data/vendor/libsodium/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c +11 -4
- data/vendor/libsodium/src/libsodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c +17 -4
- data/vendor/libsodium/src/libsodium/crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c +8 -1
- data/vendor/libsodium/src/libsodium/crypto_box/crypto_box.c +6 -0
- data/vendor/libsodium/src/libsodium/crypto_box/crypto_box_easy.c +5 -4
- data/vendor/libsodium/src/libsodium/crypto_box/curve25519xchacha20poly1305/box_curve25519xchacha20poly1305.c +11 -4
- data/vendor/libsodium/src/libsodium/crypto_box/curve25519xsalsa20poly1305/box_curve25519xsalsa20poly1305.c +6 -0
- data/vendor/libsodium/src/libsodium/crypto_core/curve25519/ref10/curve25519_ref10.c +78 -17
- data/vendor/libsodium/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c +74 -64
- data/vendor/libsodium/src/libsodium/crypto_hash/sha512/cp/hash_sha512_cp.c +2 -0
- data/vendor/libsodium/src/libsodium/crypto_kx/crypto_kx.c +7 -0
- data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna32.h +1 -1
- data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna64.h +1 -0
- data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c +17 -17
- data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/argon2-core.c +53 -48
- data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/argon2-core.h +37 -11
- data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/argon2-encoding.c +23 -179
- data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/argon2-fill-block-avx2.c +4 -12
- data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/argon2-fill-block-avx512f.c +244 -0
- data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/argon2-fill-block-ref.c +3 -12
- data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/argon2-fill-block-ssse3.c +4 -12
- data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/argon2.c +1 -5
- data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/argon2.h +1 -1
- data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/blamka-round-avx512f.h +145 -0
- data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c +91 -14
- data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/pwhash_argon2id.c +35 -14
- data/vendor/libsodium/src/libsodium/crypto_pwhash/crypto_pwhash.c +41 -4
- data/vendor/libsodium/src/libsodium/crypto_pwhash/scryptsalsa208sha256/crypto_scrypt-common.c +31 -17
- data/vendor/libsodium/src/libsodium/crypto_pwhash/scryptsalsa208sha256/crypto_scrypt.h +4 -0
- data/vendor/libsodium/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pbkdf2-sha256.c +5 -1
- data/vendor/libsodium/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pwhash_scryptsalsa208sha256.c +30 -1
- data/vendor/libsodium/src/libsodium/crypto_pwhash/scryptsalsa208sha256/sse/pwhash_scryptsalsa208sha256_sse.c +8 -0
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/scalarmult_curve25519.c +3 -3
- data/vendor/libsodium/src/libsodium/crypto_secretbox/crypto_secretbox.c +6 -0
- data/vendor/libsodium/src/libsodium/crypto_secretbox/crypto_secretbox_easy.c +5 -4
- data/vendor/libsodium/src/libsodium/crypto_secretbox/xchacha20poly1305/secretbox_xchacha20poly1305.c +11 -4
- data/vendor/libsodium/src/libsodium/crypto_secretbox/xsalsa20poly1305/secretbox_xsalsa20poly1305.c +6 -0
- data/vendor/libsodium/src/libsodium/crypto_secretstream/xchacha20poly1305/secretstream_xchacha20poly1305.c +311 -0
- data/vendor/libsodium/src/libsodium/crypto_sign/crypto_sign.c +6 -0
- data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ed25519_ref10.h +3 -0
- data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/keypair.c +9 -2
- data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/obsolete.c +1 -1
- data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/open.c +6 -5
- data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/sign_ed25519.c +6 -0
- data/vendor/libsodium/src/libsodium/crypto_stream/chacha20/dolbeau/chacha20_dolbeau-avx2.c +3 -2
- data/vendor/libsodium/src/libsodium/crypto_stream/chacha20/dolbeau/chacha20_dolbeau-ssse3.c +3 -2
- data/vendor/libsodium/src/libsodium/crypto_stream/chacha20/dolbeau/u0.h +1 -1
- data/vendor/libsodium/src/libsodium/crypto_stream/chacha20/ref/chacha20_ref.c +3 -2
- data/vendor/libsodium/src/libsodium/crypto_stream/chacha20/stream_chacha20.c +12 -0
- data/vendor/libsodium/src/libsodium/crypto_stream/crypto_stream.c +6 -0
- data/vendor/libsodium/src/libsodium/crypto_stream/salsa20/stream_salsa20.c +7 -1
- data/vendor/libsodium/src/libsodium/crypto_stream/salsa20/xmm6int/u0.h +1 -1
- data/vendor/libsodium/src/libsodium/crypto_stream/salsa2012/stream_salsa2012.c +6 -0
- data/vendor/libsodium/src/libsodium/crypto_stream/salsa208/stream_salsa208.c +6 -0
- data/vendor/libsodium/src/libsodium/crypto_stream/xchacha20/stream_xchacha20.c +6 -0
- data/vendor/libsodium/src/libsodium/crypto_stream/xsalsa20/stream_xsalsa20.c +6 -0
- data/vendor/libsodium/src/libsodium/crypto_verify/sodium/verify.c +66 -29
- data/vendor/libsodium/src/libsodium/include/Makefile.am +1 -1
- data/vendor/libsodium/src/libsodium/include/sodium.h +2 -2
- data/vendor/libsodium/src/libsodium/include/sodium/core.h +9 -0
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_aead_aes256gcm.h +26 -0
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_aead_chacha20poly1305.h +16 -4
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_aead_xchacha20poly1305.h +10 -4
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_box.h +4 -0
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_box_curve25519xchacha20poly1305.h +6 -0
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_box_curve25519xsalsa20poly1305.h +24 -15
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_core_salsa208.h +8 -4
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_pwhash.h +40 -18
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_pwhash_argon2i.h +8 -2
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_pwhash_argon2id.h +8 -2
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_pwhash_scryptsalsa208sha256.h +11 -3
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_secretbox.h +4 -0
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_secretbox_xchacha20poly1305.h +6 -0
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_secretbox_xsalsa20poly1305.h +17 -8
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_secretstream_xchacha20poly1305.h +102 -0
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_sign.h +4 -0
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_sign_ed25519.h +4 -0
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_sign_edwards25519sha512batch.h +1 -0
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_stream.h +4 -0
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_stream_chacha20.h +10 -0
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_stream_salsa20.h +4 -0
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_stream_salsa2012.h +4 -0
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_stream_salsa208.h +15 -5
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_stream_xchacha20.h +4 -0
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_stream_xsalsa20.h +4 -0
- data/vendor/libsodium/src/libsodium/include/sodium/export.h +9 -0
- data/vendor/libsodium/src/libsodium/include/sodium/private/common.h +11 -0
- data/vendor/libsodium/src/libsodium/include/sodium/private/curve25519_ref10.h +2 -30
- data/vendor/libsodium/src/libsodium/include/sodium/randombytes.h +2 -0
- data/vendor/libsodium/src/libsodium/include/sodium/runtime.h +12 -9
- data/vendor/libsodium/src/libsodium/include/sodium/utils.h +36 -0
- data/vendor/libsodium/src/libsodium/randombytes/nativeclient/randombytes_nativeclient.c +3 -2
- data/vendor/libsodium/src/libsodium/randombytes/randombytes.c +18 -14
- data/vendor/libsodium/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c +11 -10
- data/vendor/libsodium/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c +20 -8
- data/vendor/libsodium/src/libsodium/sodium/codecs.c +333 -0
- data/vendor/libsodium/src/libsodium/sodium/core.c +36 -4
- data/vendor/libsodium/src/libsodium/sodium/runtime.c +18 -0
- data/vendor/libsodium/src/libsodium/sodium/utils.c +87 -100
- data/vendor/libsodium/test/constcheck.sh +19 -0
- data/vendor/libsodium/test/default/Makefile.am +39 -7
- data/vendor/libsodium/test/default/aead_aes256gcm.c +6 -0
- data/vendor/libsodium/test/default/aead_chacha20poly1305.c +16 -0
- data/vendor/libsodium/test/default/aead_xchacha20poly1305.c +25 -15
- data/vendor/libsodium/test/default/auth.c +13 -0
- data/vendor/libsodium/test/default/auth.exp +8 -0
- data/vendor/libsodium/test/default/box.c +3 -0
- data/vendor/libsodium/test/default/box2.c +2 -0
- data/vendor/libsodium/test/default/box_easy.c +1 -4
- data/vendor/libsodium/test/default/box_easy2.c +7 -3
- data/vendor/libsodium/test/default/chacha20.c +9 -2
- data/vendor/libsodium/test/default/cmptest.h +47 -1
- data/vendor/libsodium/test/default/codecs.c +226 -0
- data/vendor/libsodium/test/default/codecs.exp +28 -0
- data/vendor/libsodium/test/default/core3.c +42 -15
- data/vendor/libsodium/test/default/ed25519_convert.c +17 -0
- data/vendor/libsodium/test/default/kdf.c +8 -4
- data/vendor/libsodium/test/default/keygen.c +5 -2
- data/vendor/libsodium/test/default/kx.c +30 -0
- data/vendor/libsodium/test/default/metamorphic.c +187 -0
- data/vendor/libsodium/test/default/metamorphic.exp +1 -0
- data/vendor/libsodium/test/default/misuse.c +145 -0
- data/vendor/libsodium/test/default/misuse.exp +0 -0
- data/vendor/libsodium/test/default/onetimeauth.c +2 -0
- data/vendor/libsodium/test/default/{pwhash.c → pwhash_argon2i.c} +133 -106
- data/vendor/libsodium/test/default/{pwhash.exp → pwhash_argon2i.exp} +0 -1
- data/vendor/libsodium/test/default/pwhash_argon2id.c +254 -144
- data/vendor/libsodium/test/default/pwhash_argon2id.exp +2 -3
- data/vendor/libsodium/test/default/pwhash_scrypt.c +61 -18
- data/vendor/libsodium/test/default/pwhash_scrypt.exp +6 -0
- data/vendor/libsodium/test/default/randombytes.c +8 -3
- data/vendor/libsodium/test/default/secretbox.c +8 -0
- data/vendor/libsodium/test/default/secretbox2.c +5 -0
- data/vendor/libsodium/test/default/secretbox_easy.c +19 -1
- data/vendor/libsodium/test/default/secretbox_easy.exp +2 -0
- data/vendor/libsodium/test/default/secretbox_easy2.c +4 -0
- data/vendor/libsodium/test/default/secretstream.c +280 -0
- data/vendor/libsodium/test/default/secretstream.exp +1 -0
- data/vendor/libsodium/test/default/sign.c +31 -0
- data/vendor/libsodium/test/default/sodium_core.c +23 -1
- data/vendor/libsodium/test/default/sodium_core.exp +1 -1
- data/vendor/libsodium/test/default/sodium_utils.c +45 -56
- data/vendor/libsodium/test/default/sodium_utils.exp +0 -8
- data/vendor/libsodium/test/default/stream.c +2 -0
- data/vendor/libsodium/test/default/stream2.c +1 -0
- data/vendor/libsodium/test/default/xchacha20.c +58 -7
- metadata +21 -18
- data/vendor/libsodium/dist-build/emscripten-wasm.sh +0 -132
- data/vendor/libsodium/m4/pkg.m4 +0 -214
- data/vendor/libsodium/packaging/dotnet-core/desktop.targets +0 -16
- data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/nacl/afternm_aes128ctr.c +0 -174
- data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/nacl/beforenm_aes128ctr.c +0 -66
- data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/nacl/common.h +0 -766
- data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/nacl/consts.h +0 -28
- data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/nacl/consts_aes128ctr.c +0 -28
- data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/nacl/int128.h +0 -50
- data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/nacl/int128_aes128ctr.c +0 -149
- data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/nacl/stream_aes128ctr_nacl.c +0 -31
- data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/nacl/xor_afternm_aes128ctr.c +0 -195
- data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/stream_aes128ctr.c +0 -19
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_stream_aes128ctr.h +0 -65
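--- a/data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/argon2-fill-block-ref.c
+++ b/data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/argon2-fill-block-ref.c
@@ -140,7 +140,7 @@ generate_addresses(const argon2_instance_t *instance,
 }
 }
 
-
+void
 fill_segment_ref(const argon2_instance_t *instance, argon2_position_t position)
 {
 block *ref_block = NULL, *curr_block = NULL;
@@ -153,7 +153,7 @@ fill_segment_ref(const argon2_instance_t *instance, argon2_position_t position)
 int data_independent_addressing = 1;
 
 if (instance == NULL) {
-return
+return;
 }
 
 if (instance->type == Argon2_id &&
@@ -161,12 +161,7 @@ fill_segment_ref(const argon2_instance_t *instance, argon2_position_t position)
 data_independent_addressing = 0;
 }
 
-pseudo_rands =
-(uint64_t *) malloc(sizeof(uint64_t) * (instance->segment_length));
-
-if (pseudo_rands == NULL) {
-return ARGON2_MEMORY_ALLOCATION_ERROR;
-}
+pseudo_rands = instance->pseudo_rands;
 
 if (data_independent_addressing) {
 generate_addresses(instance, &position, pseudo_rands);
@@ -235,8 +230,4 @@ fill_segment_ref(const argon2_instance_t *instance, argon2_position_t position)
 curr_block);
 }
 }
-
-free(pseudo_rands);
-
-return ARGON2_OK;
 }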
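Review bot: `fill_segment_ref` now reads `instance->pseudo_rands` with no check that the caller allocated it or sized it to `instance->segment_length`, and the one remaining guard (`instance == NULL`) ends in a bare `return;`, so a skipped segment is indistinguishable from a filled one now that the error return is gone. Since ownership of the scratch buffer moved out of this function, the contract should be stated at the point of use: `/* pseudo_rands is caller-owned scratch (instance->pseudo_rands), sized instance->segment_length; not checked here */`. The same applies to `fill_segment_ssse3` in the next file section. Whether the caller checks the allocation is outside this hunk and I cannot confirm it from here.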
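--- a/data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/argon2-fill-block-ssse3.c
+++ b/data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/argon2-fill-block-ssse3.c
@@ -139,7 +139,7 @@ generate_addresses(const argon2_instance_t *instance,
 }
 }
 
-
+void
 fill_segment_ssse3(const argon2_instance_t *instance,
 argon2_position_t position)
 {
@@ -147,14 +147,14 @@ fill_segment_ssse3(const argon2_instance_t *instance,
 uint64_t pseudo_rand, ref_index, ref_lane;
 uint32_t prev_offset, curr_offset;
 uint32_t starting_index, i;
-__m128i state[
+__m128i state[ARGON2_OWORDS_IN_BLOCK];
 int data_independent_addressing = 1;
 
 /* Pseudo-random values that determine the reference block position */
 uint64_t *pseudo_rands = NULL;
 
 if (instance == NULL) {
-return
+return;
 }
 
 if (instance->type == Argon2_id &&
@@ -162,11 +162,7 @@ fill_segment_ssse3(const argon2_instance_t *instance,
 data_independent_addressing = 0;
 }
 
-pseudo_rands =
-(uint64_t *) malloc(sizeof(uint64_t) * instance->segment_length);
-if (pseudo_rands == NULL) {
-return ARGON2_MEMORY_ALLOCATION_ERROR;
-}
+pseudo_rands = instance->pseudo_rands;
 
 if (data_independent_addressing) {
 generate_addresses(instance, &position, pseudo_rands);
@@ -238,9 +234,5 @@ fill_segment_ssse3(const argon2_instance_t *instance,
 (uint8_t *) curr_block->v);
 }
 }
-
-free(pseudo_rands);
-
-return ARGON2_OK;
 }
 #endif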
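--- a/data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/argon2.c
+++ b/data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/argon2.c
@@ -70,11 +70,7 @@ argon2_ctx(argon2_context *context, argon2_type type)
 }
 
 /* 4. Filling memory */
-
-
-if (ARGON2_OK != result) {
-return result;
-}
+fill_memory_blocks(&instance);
 
 /* 5. Finalization */
 finalize(context, &instance);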
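Review bot: The `ARGON2_OK != result` exit after step 4 is dropped and `fill_memory_blocks(&instance)` is now called for its side effect only, so the `ARGON2_MEMORY_ALLOCATION_ERROR` path the fill functions used to report (removed in the fill-block sections above) has to be handled before this point. `argon2_ctx` begins outside the hunk, so I cannot see whether the per-instance scratch buffer is allocated and checked earlier; if it is, a comment at the call would record why no result is inspected: `/* cannot fail: per-instance scratch memory is allocated and checked before step 4 */`. If it is not, this is now a silent failure path.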
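--- a/data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/argon2.h
+++ b/data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/argon2.h
@@ -47,7 +47,7 @@
 ARGON2_MIN(UINT32_C(0xFFFFFFFF), UINT64_C(1) << ARGON2_MAX_MEMORY_BITS)
 
 /* Minimum and maximum number of passes */
-#define ARGON2_MIN_TIME UINT32_C(
+#define ARGON2_MIN_TIME UINT32_C(1)
 #define ARGON2_MAX_TIME UINT32_C(0xFFFFFFFF)
 
 /* Minimum and maximum password length in bytes */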
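Review bot: `ARGON2_MIN_TIME` drops to a single pass with no comment on why the floor moved. The public floor is enforced separately through `crypto_pwhash_argon2i_OPSLIMIT_MIN`, which pwhash_argon2i.c in this same change asserts against this constant, so a one-line comment would keep readers from treating 1 as a recommended setting: `/* library floor only; the crypto_pwhash_* OPSLIMIT_MIN constants set the practical minimum */`.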
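--- /dev/null
+++ b/data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/blamka-round-avx512f.h
@@ -0,0 +1,145 @@
+#ifndef blamka_round_avx512f_H
+#define blamka_round_avx512f_H
+
+#include "private/common.h"
+#include "private/sse2_64_32.h"
+
+#define ror64(x, n) _mm512_ror_epi64((x), (n))
+
+static inline __m512i
+muladd(__m512i x, __m512i y)
+{
+__m512i z = _mm512_mul_epu32(x, y);
+
+return _mm512_add_epi64(_mm512_add_epi64(x, y), _mm512_add_epi64(z, z));
+}
+
+#define G1_AVX512F(A0, B0, C0, D0, A1, B1, C1, D1) \
+do { \
+A0 = muladd(A0, B0); \
+A1 = muladd(A1, B1); \
+\
+D0 = _mm512_xor_si512(D0, A0); \
+D1 = _mm512_xor_si512(D1, A1); \
+\
+D0 = ror64(D0, 32); \
+D1 = ror64(D1, 32); \
+\
+C0 = muladd(C0, D0); \
+C1 = muladd(C1, D1); \
+\
+B0 = _mm512_xor_si512(B0, C0); \
+B1 = _mm512_xor_si512(B1, C1); \
+\
+B0 = ror64(B0, 24); \
+B1 = ror64(B1, 24); \
+} while ((void)0, 0)
+
+#define G2_AVX512F(A0, B0, C0, D0, A1, B1, C1, D1) \
+do { \
+A0 = muladd(A0, B0); \
+A1 = muladd(A1, B1); \
+\
+D0 = _mm512_xor_si512(D0, A0); \
+D1 = _mm512_xor_si512(D1, A1); \
+\
+D0 = ror64(D0, 16); \
+D1 = ror64(D1, 16); \
+\
+C0 = muladd(C0, D0); \
+C1 = muladd(C1, D1); \
+\
+B0 = _mm512_xor_si512(B0, C0); \
+B1 = _mm512_xor_si512(B1, C1); \
+\
+B0 = ror64(B0, 63); \
+B1 = ror64(B1, 63); \
+} while ((void)0, 0)
+
+#define DIAGONALIZE(A0, B0, C0, D0, A1, B1, C1, D1) \
+do { \
+B0 = _mm512_permutex_epi64(B0, _MM_SHUFFLE(0, 3, 2, 1)); \
+B1 = _mm512_permutex_epi64(B1, _MM_SHUFFLE(0, 3, 2, 1)); \
+\
+C0 = _mm512_permutex_epi64(C0, _MM_SHUFFLE(1, 0, 3, 2)); \
+C1 = _mm512_permutex_epi64(C1, _MM_SHUFFLE(1, 0, 3, 2)); \
+\
+D0 = _mm512_permutex_epi64(D0, _MM_SHUFFLE(2, 1, 0, 3)); \
+D1 = _mm512_permutex_epi64(D1, _MM_SHUFFLE(2, 1, 0, 3)); \
+} while ((void)0, 0)
+
+#define UNDIAGONALIZE(A0, B0, C0, D0, A1, B1, C1, D1) \
+do { \
+B0 = _mm512_permutex_epi64(B0, _MM_SHUFFLE(2, 1, 0, 3)); \
+B1 = _mm512_permutex_epi64(B1, _MM_SHUFFLE(2, 1, 0, 3)); \
+\
+C0 = _mm512_permutex_epi64(C0, _MM_SHUFFLE(1, 0, 3, 2)); \
+C1 = _mm512_permutex_epi64(C1, _MM_SHUFFLE(1, 0, 3, 2)); \
+\
+D0 = _mm512_permutex_epi64(D0, _MM_SHUFFLE(0, 3, 2, 1)); \
+D1 = _mm512_permutex_epi64(D1, _MM_SHUFFLE(0, 3, 2, 1)); \
+} while ((void)0, 0)
+
+#define BLAKE2_ROUND(A0, B0, C0, D0, A1, B1, C1, D1) \
+do { \
+G1_AVX512F(A0, B0, C0, D0, A1, B1, C1, D1); \
+G2_AVX512F(A0, B0, C0, D0, A1, B1, C1, D1); \
+\
+DIAGONALIZE(A0, B0, C0, D0, A1, B1, C1, D1); \
+\
+G1_AVX512F(A0, B0, C0, D0, A1, B1, C1, D1); \
+G2_AVX512F(A0, B0, C0, D0, A1, B1, C1, D1); \
+\
+UNDIAGONALIZE(A0, B0, C0, D0, A1, B1, C1, D1); \
+} while ((void)0, 0)
+
+#define SWAP_HALVES(A0, A1) \
+do { \
+__m512i t0, t1; \
+t0 = _mm512_shuffle_i64x2(A0, A1, _MM_SHUFFLE(1, 0, 1, 0)); \
+t1 = _mm512_shuffle_i64x2(A0, A1, _MM_SHUFFLE(3, 2, 3, 2)); \
+A0 = t0; \
+A1 = t1; \
+} while((void)0, 0)
+
+#define SWAP_QUARTERS(A0, A1) \
+do { \
+SWAP_HALVES(A0, A1); \
+A0 = _mm512_permutexvar_epi64(_mm512_setr_epi64(0, 1, 4, 5, 2, 3, 6, 7), A0); \
+A1 = _mm512_permutexvar_epi64(_mm512_setr_epi64(0, 1, 4, 5, 2, 3, 6, 7), A1); \
+} while((void)0, 0)
+
+#define UNSWAP_QUARTERS(A0, A1) \
+do { \
+A0 = _mm512_permutexvar_epi64(_mm512_setr_epi64(0, 1, 4, 5, 2, 3, 6, 7), A0); \
+A1 = _mm512_permutexvar_epi64(_mm512_setr_epi64(0, 1, 4, 5, 2, 3, 6, 7), A1); \
+SWAP_HALVES(A0, A1); \
+} while((void)0, 0)
+
+#define BLAKE2_ROUND_1(A0, C0, B0, D0, A1, C1, B1, D1) \
+do { \
+SWAP_HALVES(A0, B0); \
+SWAP_HALVES(C0, D0); \
+SWAP_HALVES(A1, B1); \
+SWAP_HALVES(C1, D1); \
+BLAKE2_ROUND(A0, B0, C0, D0, A1, B1, C1, D1); \
+SWAP_HALVES(A0, B0); \
+SWAP_HALVES(C0, D0); \
+SWAP_HALVES(A1, B1); \
+SWAP_HALVES(C1, D1); \
+} while ((void)0, 0)
+
+#define BLAKE2_ROUND_2(A0, A1, B0, B1, C0, C1, D0, D1) \
+do { \
+SWAP_QUARTERS(A0, A1); \
+SWAP_QUARTERS(B0, B1); \
+SWAP_QUARTERS(C0, C1); \
+SWAP_QUARTERS(D0, D1); \
+BLAKE2_ROUND(A0, B0, C0, D0, A1, B1, C1, D1); \
+UNSWAP_QUARTERS(A0, A1); \
+UNSWAP_QUARTERS(B0, B1); \
+UNSWAP_QUARTERS(C0, C1); \
+UNSWAP_QUARTERS(D0, D1); \
+} while ((void)0, 0)
+
+#endif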
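Review bot: `muladd` is the BlaMka mixing primitive the whole header builds on, but it carries no comment; a reader has to know that `_mm512_mul_epu32` multiplies only the low 32 bits of each 64-bit lane to see that it computes `x + y + 2 * lo32(x) * lo32(y)`. Suggest `/* BlaMka: x + y + 2 * (x_lo32 * y_lo32), per 64-bit lane */` above the function. The `do { … } while` closers also mix `while ((void)0, 0)` with `while((void)0, 0)` in SWAP_HALVES, SWAP_QUARTERS and UNSWAP_QUARTERS; one spelling would match the rest of the header.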
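--- a/data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c
+++ b/data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c
@@ -3,11 +3,16 @@
 #include <limits.h>
 #include <stddef.h>
 #include <stdint.h>
+#include <stdlib.h>
 #include <string.h>
 
 #include "argon2-core.h"
+#include "argon2-encoding.h"
 #include "argon2.h"
+#include "crypto_pwhash.h"
 #include "crypto_pwhash_argon2i.h"
+#include "crypto_pwhash_argon2id.h"
+#include "private/common.h"
 #include "randombytes.h"
 #include "utils.h"
 
@@ -22,30 +27,36 @@ crypto_pwhash_argon2i_alg_argon2i13(void)
 size_t
 crypto_pwhash_argon2i_bytes_min(void)
 {
+COMPILER_ASSERT(crypto_pwhash_argon2i_BYTES_MIN >= ARGON2_MIN_OUTLEN);
 return crypto_pwhash_argon2i_BYTES_MIN;
 }
 
 size_t
 crypto_pwhash_argon2i_bytes_max(void)
 {
+COMPILER_ASSERT(crypto_pwhash_argon2i_BYTES_MAX <= ARGON2_MAX_OUTLEN);
 return crypto_pwhash_argon2i_BYTES_MAX;
 }
 
 size_t
 crypto_pwhash_argon2i_passwd_min(void)
 {
+COMPILER_ASSERT(crypto_pwhash_argon2i_PASSWD_MIN >= ARGON2_MIN_PWD_LENGTH);
 return crypto_pwhash_argon2i_PASSWD_MIN;
 }
 
 size_t
 crypto_pwhash_argon2i_passwd_max(void)
 {
+COMPILER_ASSERT(crypto_pwhash_argon2i_PASSWD_MAX <= ARGON2_MAX_PWD_LENGTH);
 return crypto_pwhash_argon2i_PASSWD_MAX;
 }
 
 size_t
 crypto_pwhash_argon2i_saltbytes(void)
 {
+COMPILER_ASSERT(crypto_pwhash_argon2i_SALTBYTES >= ARGON2_MIN_SALT_LENGTH);
+COMPILER_ASSERT(crypto_pwhash_argon2i_SALTBYTES <= ARGON2_MAX_SALT_LENGTH);
 return crypto_pwhash_argon2i_SALTBYTES;
 }
 
@@ -64,24 +75,28 @@ crypto_pwhash_argon2i_strprefix(void)
 size_t
 crypto_pwhash_argon2i_opslimit_min(void)
 {
+COMPILER_ASSERT(crypto_pwhash_argon2i_OPSLIMIT_MIN >= ARGON2_MIN_TIME);
 return crypto_pwhash_argon2i_OPSLIMIT_MIN;
 }
 
 size_t
 crypto_pwhash_argon2i_opslimit_max(void)
 {
+COMPILER_ASSERT(crypto_pwhash_argon2i_OPSLIMIT_MAX <= ARGON2_MAX_TIME);
 return crypto_pwhash_argon2i_OPSLIMIT_MAX;
 }
 
 size_t
 crypto_pwhash_argon2i_memlimit_min(void)
 {
+COMPILER_ASSERT((crypto_pwhash_argon2i_MEMLIMIT_MIN / 1024U) >= ARGON2_MIN_MEMORY);
 return crypto_pwhash_argon2i_MEMLIMIT_MIN;
 }
 
 size_t
 crypto_pwhash_argon2i_memlimit_max(void)
 {
+COMPILER_ASSERT((crypto_pwhash_argon2i_MEMLIMIT_MAX / 1024U) <= ARGON2_MAX_MEMORY);
 return crypto_pwhash_argon2i_MEMLIMIT_MAX;
 }
 
@@ -128,20 +143,29 @@ crypto_pwhash_argon2i(unsigned char *const out, unsigned long long outlen,
 unsigned long long opslimit, size_t memlimit, int alg)
 {
 memset(out, 0, outlen);
-
-
-
+if (outlen > crypto_pwhash_argon2i_BYTES_MAX) {
+errno = EFBIG;
+return -1;
+}
+if (outlen < crypto_pwhash_argon2i_BYTES_MIN) {
+errno = EINVAL;
+return -1;
+}
+if (passwdlen > crypto_pwhash_argon2i_PASSWD_MAX ||
+opslimit > crypto_pwhash_argon2i_OPSLIMIT_MAX ||
+memlimit > crypto_pwhash_argon2i_MEMLIMIT_MAX) {
 errno = EFBIG;
 return -1;
 }
-if (
-opslimit <
+if (passwdlen < crypto_pwhash_argon2i_PASSWD_MIN ||
+opslimit < crypto_pwhash_argon2i_OPSLIMIT_MIN ||
+memlimit < crypto_pwhash_argon2i_MEMLIMIT_MIN) {
 errno = EINVAL;
 return -1;
 }
 switch (alg) {
 case crypto_pwhash_argon2i_ALG_ARGON2I13:
-if (argon2i_hash_raw((uint32_t) opslimit, (uint32_t) memlimit,
+if (argon2i_hash_raw((uint32_t) opslimit, (uint32_t) (memlimit / 1024U),
 (uint32_t) 1U, passwd, (size_t) passwdlen, salt,
 (size_t) crypto_pwhash_argon2i_SALTBYTES, out,
 (size_t) outlen) != ARGON2_OK) {
@@ -163,19 +187,20 @@ crypto_pwhash_argon2i_str(char out[crypto_pwhash_argon2i_STRBYTES],
 unsigned char salt[crypto_pwhash_argon2i_SALTBYTES];
 
 memset(out, 0, crypto_pwhash_argon2i_STRBYTES);
-
-
-memlimit >
+if (passwdlen > crypto_pwhash_argon2i_PASSWD_MAX ||
+opslimit > crypto_pwhash_argon2i_OPSLIMIT_MAX ||
+memlimit > crypto_pwhash_argon2i_MEMLIMIT_MAX) {
 errno = EFBIG;
 return -1;
 }
-if (passwdlen <
-
+if (passwdlen < crypto_pwhash_argon2i_PASSWD_MIN ||
+opslimit < crypto_pwhash_argon2i_OPSLIMIT_MIN ||
+memlimit < crypto_pwhash_argon2i_MEMLIMIT_MIN) {
 errno = EINVAL;
 return -1;
 }
 randombytes_buf(salt, sizeof salt);
-if (argon2i_hash_encoded((uint32_t) opslimit, (uint32_t) memlimit,
+if (argon2i_hash_encoded((uint32_t) opslimit, (uint32_t) (memlimit / 1024U),
 (uint32_t) 1U, passwd, (size_t) passwdlen, salt,
 sizeof salt, STR_HASHBYTES, out,
 crypto_pwhash_argon2i_STRBYTES) != ARGON2_OK) {
@@ -191,12 +216,12 @@ crypto_pwhash_argon2i_str_verify(const char str[crypto_pwhash_argon2i_STRBYTES],
 {
 int verify_ret;
 
-if (passwdlen >
+if (passwdlen > crypto_pwhash_argon2i_PASSWD_MAX) {
 errno = EFBIG;
 return -1;
 }
 /* LCOV_EXCL_START */
-if (passwdlen <
+if (passwdlen < crypto_pwhash_argon2i_PASSWD_MIN) {
 errno = EINVAL;
 return -1;
 }
@@ -211,3 +236,55 @@ crypto_pwhash_argon2i_str_verify(const char str[crypto_pwhash_argon2i_STRBYTES],
 }
 return -1;
 }
+
+static int
+_needs_rehash(const char *str, unsigned long long opslimit, size_t memlimit,
+argon2_type type)
+{
+unsigned char *fodder;
+argon2_context ctx;
+size_t fodder_len;
+int ret = -1;
+
+fodder_len = strlen(str);
+memlimit /= 1024U;
+if (opslimit > UINT32_MAX || memlimit > UINT32_MAX ||
+fodder_len >= crypto_pwhash_STRBYTES) {
+errno = EINVAL;
+return -1;
+}
+memset(&ctx, 0, sizeof ctx);
+if ((fodder = (unsigned char *) calloc(fodder_len, 1U)) == NULL) {
+return -1; /* LCOV_EXCL_LINE */
+}
+ctx.out = ctx.pwd = ctx.salt = fodder;
+ctx.outlen = ctx.pwdlen = ctx.saltlen = (uint32_t) fodder_len;
+ctx.ad = ctx.secret = NULL;
+ctx.adlen = ctx.secretlen = 0U;
+if (decode_string(&ctx, str, type) != 0) {
+errno = EINVAL;
+ret = -1;
+} else if (ctx.t_cost != (uint32_t) opslimit ||
+ctx.m_cost != (uint32_t) memlimit) {
+ret = 1;
+} else {
+ret = 0;
+}
+free(fodder);
+
+return ret;
+}
+
+int
+crypto_pwhash_argon2i_str_needs_rehash(const char str[crypto_pwhash_argon2i_STRBYTES],
+unsigned long long opslimit, size_t memlimit)
+{
+return _needs_rehash(str, opslimit, memlimit, Argon2_i);
+}
+
+int
+crypto_pwhash_argon2id_str_needs_rehash(const char str[crypto_pwhash_argon2id_STRBYTES],
+unsigned long long opslimit, size_t memlimit)
+{
+return _needs_rehash(str, opslimit, memlimit, Argon2_id);
+}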
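Review bot: `_needs_rehash` in the last hunk is a file-scope identifier beginning with an underscore, which C reserves for the implementation (C11 7.1.3); as a `static` helper it can simply be `needs_rehash`, with the two call sites in `crypto_pwhash_argon2i_str_needs_rehash` and `crypto_pwhash_argon2id_str_needs_rehash` updated. Separately, `fodder_len = strlen(str)` runs before the `fodder_len >= crypto_pwhash_STRBYTES` rejection, so the bound is applied only after the read has already gone past the STRBYTES-sized array the public prototypes declare; a terminator check first, `if (memchr(str, 0, crypto_pwhash_STRBYTES) == NULL) { errno = EINVAL; return -1; }`, would keep the read inside the declared buffer. The `calloc` failure branch also returns -1 without setting `errno` itself, so it relies on the allocator having done so.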